6const __filename = __ac2FileURLToPath(import.meta.url);
L7: const __dirname = __ac2Dirname(__filename);
L8: var The=Object.create;var w3=Object.defineProperty;var Rhe=Object.getOwnPropertyDescriptor;var Ohe=Object.getOwnPropertyNames;var Nhe=Object.getPrototypeOf,$he=Object.prototype.has...
L9: `:""},this._extScope=e,this._scope=new sc.Scope({parent:e}),this._nodes=[new pT]}toString(){return this._root.render(this.opts)}name(e){return this._scope.name(e)}scopeName(e){retu...
L10: || (${a} == "string" && ${i} && ${i} == +${i})`).assign(s,(0,Ir._)`+${i}`);return;case"integer":n.elseIf((0,Ir._)`${a} === "boolean" || ${i} === null
L11: || (${a} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(s,(0,Ir._)`+${i}`);return;case"boolean":n.elseIf((0,Ir._)`${i} === "false" || ${i} === 0 || ${i} === null`)....
L12: || ${a} === "boolean" || ${i} === null`).assign(s,(0,Ir._)`[${i}]`)}}}function y6e({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,Ir._)`${e} !== undefined`,()=>t.assign((0,Ir...
L13: missingProperty: ${n},
...
L18: ${new this._window.XMLSerializer().serializeToString(h)}`;return typeof Blob>"u"||this._options.jsdom?Buffer.from(b):new Blob([b],{type:w})}return
CriticalWallet Drain
Source uses private key material to transfer cryptocurrency funds.
dist/server.jsView on unpkg · L6 106Trigger-reachable chain: manifest.bin -> dist/server.js
L106: `)}
L107: `}function KIe(t,e){if(!t.appCallTrace||!t.disassembly)return"";let r=e;return e!==void 0?r=e:r={maxValueWidth:uD,topOfStackFirst:!1},xte(t.appCallTrace,t.disassembly,r)}function Z...
L108: `);return{content:[yn(a)],details:o}}}}var EMe=Be.Object({refresh:Be.Optional(Be.Boolean({description:"DEPRECATED / no-op (plugin v0.0.84+): every `ac2_capabilities` call now hits ...
...
L112: `);return{content:[yn(d)],details:a}}}}var OL=Be.Object({message_base64:Be.String({minLength:1,description:"Base64 of the raw bytes that were signed (same bytes the signer received...
L113: ${t.length}`,r=new TextEncoder().encode(e),n=new Uint8Array(r.length+t.length);return n.set(r,0),n.set(t,r.length),Hs(n)}function $L(t,e){let r=e.slice(0,32),n=e.slice(32,64),i=e[6...
L114: `)}var y3={type:"object",properties:{},additionalProperties:!1};function $h(t){return{content:[{type:"text",text:t}]}}async function phe(t){if(!t)return $h("No active pairing invit...
...
L116: `));if(e.active)return $h(`Already connected (peer=${e.active.peerDid}). Run ac2_status for details.`);if(e.pendingInvitation&&!dhe(e.pendingInvitation))return phe(e.pen…
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server.jsView on unpkg · L106 120`)}catch(o){process.stderr.write(`[ac2] could not write tool-proxy endpoint: ${String(o)}
L121: `)}}),r}function yhe(){try{uLe(HL())}catch{}}function vhe(t,e){let r=fLe();if(!r)return Promise.resolve({content:[{type:"text",text:"The AC2 wallet link host is not reachable (no t...
L122: `))i.trim()&&process.stderr.write(`[ac2] app-server: ${i}
112`);return{content:[yn(d)],details:a}}}}var OL=Be.Object({message_base64:Be.String({minLength:1,description:"Base64 of the raw bytes that were signed (same bytes the signer received...
L113: ${t.length}`,r=new TextEncoder().encode(e),n=new Uint8Array(r.length+t.length);return n.set(r,0),n.set(t,r.length),Hs(n)}function $L(t,e){let r=e.slice(0,32),n=e.slice(32,64),i=e[6...
L114: `)}var y3={type:"object",properties:{},additionalProperties:!1};function $h(t){return{content:[{type:"text",text:t}]}}async function phe(t){if(!t)return $h("No active pairing invit...
...
L120: `)}catch(o){process.stderr.write(`[ac2] could not write tool-proxy endpoint: ${String(o)}
L121: `)}}),r}function yhe(){try{uLe(HL())}catch{}}function vhe(t,e){let r=fLe();if(!r)return Promise.resolve({content:[{type:"text",text:"The AC2 wallet link host is not reachable (no t...
L122: `))i.trim()&&process.stderr.write(`[ac2] app-server: ${i}
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/server.jsView on unpkg · L112 106`)}
L107: `}function KIe(t,e){if(!t.appCallTrace||!t.disassembly)return"";let r=e;return e!==void 0?r=e:r={maxValueWidth:uD,topOfStackFirst:!1},xte(t.appCallTrace,t.disassembly,r)}function Z...
L108: `);return{content:[yn(a)],details:o}}}}var EMe=Be.Object({refresh:Be.Optional(Be.Boolean({description:"DEPRECATED / no-op (plugin v0.0.84+): every `ac2_capabilities` call now hits ...
...
L112: `);return{content:[yn(d)],details:a}}}}var OL=Be.Object({message_base64:Be.String({minLength:1,description:"Base64 of the raw bytes that were signed (same bytes the signer received...
L113: ${t.length}`,r=new TextEncoder().encode(e),n=new Uint8Array(r.length+t.length);return n.set(r,0),n.set(t,r.length),Hs(n)}function $L(t,e){let r=e.slice(0,32),n=e.slice(32,64),i=e[6...
L114: `)}var y3={type:"object",properties:{},additionalProperties:!1};function $h(t){return{content:[{type:"text",text:t}]}}async function phe(t){if(!t)return $h("No active pairing invit...
...
L116: `));if(e.active)return $h(`Already connected (peer=${e.active.peerDid}). Run ac2_status for details.`);if(e.pendingInvitation&&!dhe(e.pendingInvitation))return phe(e.pendingInvitat...
L117: `)}async function oLe(t,e){return e.
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/server.jsView on unpkg · L106 11|| (${a} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(s,(0,Ir._)`+${i}`);return;case"boolean":n.elseIf((0,Ir._)`${i} === "false" || ${i} === 0 || ${i} === null`)....
L12: || ${a} === "boolean" || ${i} === null`).assign(s,(0,Ir._)`[${i}]`)}}}function y6e({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,Ir._)`${e} !== undefined`,()=>t.assign((0,Ir...
L13: missingProperty: ${n},
LowEval
Package source references a known benign dynamic code generation pattern.
dist/server.jsView on unpkg · L11 6const __filename = __ac2FileURLToPath(import.meta.url);
L7: const __dirname = __ac2Dirname(__filename);
L8: var The=Object.create;var w3=Object.defineProperty;var Rhe=Object.getOwnPropertyDescriptor;var Ohe=Object.getOwnPropertyNames;var Nhe=Object.getPrototypeOf,$he=Object.prototype.has...
L9: `:""},this._extScope=e,this._scope=new sc.Scope({parent:e}),this._nodes=[new pT]}toString(){return this._root.render(this.opts)}name(e){return this._scope.name(e)}scopeName(e){retu...
L10: || (${a} == "string" && ${i} && ${i} == +${i})`).assign(s,(0,Ir._)`+${i}`);return;case"integer":n.elseIf((0,Ir._)`${a} === "boolean" || ${i} === null
L11: || (${a} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(s,(0,Ir._)`+${i}`);return;case"boolean":n.elseIf((0,Ir._)`${i} === "false" || ${i} === 0 || ${i} === null`)....
L12: || ${a} === "boolean" || ${i} === null`).assign(s,(0,Ir._)`[${i}]`)}}}function y6e({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,Ir._)`${e} !== undefined`,()=>t.assign((0,Ir...
L13: missingProperty: ${n},
...
L18: ${new this._window.XMLSerializer().serializeToString(h)}`;return typeof Blob>"u"||this._options.jsdom?Buffer.from(b):new Blob([b],{type:w})}return
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/server.jsView on unpkg · L6